What is claimed is: 

1 . In a system comprising an application, a framework, and an 
implementation class which srovides an implementation for a particular service, a 
method performed by the framework, comprising: 

receiving a request from an application for a customized implementation of a 
particular service; 

instantiating an imp I ;mentation class which provides an implementation for 
the particular service to give rise to an implementation instance; 

determining a set of zero or more restrictions to be imposed on said 
customized implementation 

instantiating a wrapper class to give rise to a wrapper instance, said wrapper 
instance comprising enforcement logic for enforcing said restrictions; 

encapsulating said implementation instance and said restrictions within said 
wrapper instance; and 

providing said wrapper instance to the application as said customized 
implementation. 

2. The meth 
the application without 




3. The method 
unrestricted implementation 



claim 1, wherein said wrapper instance is invocable by 



interaction with the framework. 



of claim 1, wherein the implementation class provides an 
for the particular service. 



4. The method op claim 3, wherein the particular service is an 
encryption/decryption service, and wherein the unrestricted implementation provided 
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10 



15 



by the implementation class is capable of using unlimited encryption/decryption 
parameters. 

D 



5. The method of claiifi 
provided by the implementation c 
of any size. 



4, wherein the unrestricted implementation 
iss is capable of using encryption/decryption keys 



restrictions on said implementatu 



The method of clai n 1, wherein said enforcement logic enforces said 



instance. 



7. The method of claftm 6, wherein said enforcement logic enforces said 
restrictions on said implementation instance by: 

receiving a set of desired parameters from the application; 

determining whether the desired parameters exceed said restrictions; and 

in response to a determination that the desired parameters exceed said 
restrictions, preventing said implementation instance from operating. 



20 



25 



8. The method of claim 7, wherein said enforcement logic is invoked 
upon initialization of saiti wrapper instance. 

9. The method /of claim 1, wherein the system further comprises an 
exemption mechanism class which provides an implementation for a particular 



exemption mechanism, an< 
instantiating the ex 
mechanism instance; and 



wherein said method further comprises: 
emption mechanism class to give rise to an exemption 
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in response to a 
been invoked, preventing said 



encapsulating said exemption mechanism instance within said wrapper 
instance. 

10. The method of 
upon initialization of said wrapper 
logic: 

determines whether 

and 



aim 9, wherein said enforcement logic is invoked 
instance, and when invoked, said enforcement 

exemption mechanism instance has been invoked; 



deterniination that said exemption mechanism instance has not 
implementation instance from operating. 




j \ The method of 

opmore invocable methods, wl 
more invocable methods, and v\ 
mapping the one or mor 
one or more invocable methods 



aim 1, wherein said wrapper instance comprises one 
erein said implementation instance comprises one or 
herein encapsulating comprises: 
e invocable methods of said wrapper instance to the 
of said implementation instance. 



12. The method of ^laim 1, wherein instantiating the implementation class 
comprises: 

determining whether tlie implementation class is authentic; and 
in response to a deterniination that the implementation class is authentic, 
instantiating the implementation class to give rise to said implementation instance. 
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13. The method of claim 12, wherein the implementation class has a digital 
signature associated therewith, and wherein determining whether the implementation 
class is authentic comprises: 

verifying said digital signature. 



14. 



The method 



authenticates the framework 



Df claim 12, wherein the implementation class 
prior to giving rise to said implementation instance. 



15. The method o[f claim 1, wherein determining the set of zero or more 
restrictions comprises: 

accessing information! specifying one or more limitations; and 
processing said limitations to derive said restrictions. 



16. 



The method o 



encryption/decryption servic 3. 
more default encryption limi tations 



17. The method 
are derived by merging muljipl 
most restrictive encryption 



claim 1 5, wherein the particular service is an 
, and wherein said information comprises a set of one or 



^f claim 16, wherein said default encryption limitations 

e jurisdiction policies and extracting therefrom the 
limitations. 



18. The method of claim 1, wherein determining the set of zero or more 



restrictions comprises: 

accessing informatio[n 
determining permissions 
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specifying one or more limitations; 

if any, granted to the application; and 
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reconciling said limitations and said permissions to derive said restrictions. 

/ 



19. The method of claim 18, wherein said limitations and said permissions 

t ... 
are reconciled to derive restrictions which are least restrictive. 

\ 

20. The method of claim 1 8, wherein the particular service is an 
encryption/decryption service, and wherein said information comprises a set of one or 
more default encryption limitations, and a set of zero or more exempt encryption 
limitations which apply when one or more exemption mechanisms are implemented. 

2 1 . The metho I of claim 20, wherein said default encryption limitations 
and said exempt encryption limitations are derived by merging multiple jurisdiction 
policies and extracting therefrom the most restrictive encryption limitations. 

22. The methc d of claim 20, wherein reconciling said limitations and said 
permissions comprises: 

determining whether the application has been granted any permissions; and 
in response to a d€ termination that the application has not been granted any 
permissions, deriving saic restrictions from said set of default encryption limitations. 

23. The method of claim 20, wherein reconciling said limitations and said 
permissions comprises: 

determining whether the application has been granted any permissions which 
require implementation of Ji particular exemption mechanism; 
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in response to a determination that the application has been granted a 
permission which requires implementation of a particular exemption mechanism, 
determining whether said exempt encryption limitations allow said particular 
exemption mechanism to be implemented; and 

in resporfse to a determination that said exempt encryption limitations allow 
said particular exemption mechanism to be implemented, deriving said restrictions 
fromsmd set of exempt encryption limitations. 

24. In a system comprising an applicatioiVand an implementation class 
which provides an implementation for a particular/service, a framework comprising: 

a mechanism for receiving a request from an application for a customized 
implementation of a particular service; / 

a mechanism for instantiating am implementation class which provides an 
implementation for the particular service to give rise to an implementation instance; 

a mechanism for determining a set of zero or more restrictions to be imposed 
on said customized implementation; 

a mechanism for inkm^tiating a wrapper class to give rise to a wrapper 
instance, said wrapper instancy comprising enforcement logic for enforcing said 
restrictions; / 

a mechanism for encapsulating said implementation instance and said 
restrictions within said wrapper instance; and 

a mechanism for providing said wrapper instance to the application as said 
customized^ implementation. 
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25. The framew 



by the application without 



>rk of claim 24, wherein said wrapper instance is invocable 
irther interaction with the framework. 



26. The framework of claim 24, wherein the implementation class provides 
5 an unrestricted implementatiok for the particular service. 



10 



15 



20 



27. The framework 
encryption/decryption service 



of claim 26, wherein the particular service is an 
and wherein the unrestricted implementation provided 
by the implementation class i£ capable of using unlimited encryption/decryption 
parameters. 



28. The framework 
provided by the implement; 
of any size. 



of claim 27, wherein the unrestricted implementation 
ation class is capable of using encryption/decryption keys 



29. The franQVc 
said restrictions on said inro 



rk of claim 24, wherein said enforcement logic enforces 
kemdntation instance. 



30. The 
said restrictions on said 
receiving a set of 
determining whether 
in response to a 
restrictions, preventing said 



25 



framework of claim 29, wherein said enforcement logic enforces 
implementation instance by: 
desired parameters from the application; 

the desired parameters exceed said restrictions; and 
determination that the desired parameters exceed said 
implementation instance from operating. 
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31. The framework of claim 30, wherein said enforcement logic is invoked 
upon initialization of said wrapper instance. 



32. The framework of claim 24, wherein the system further comprises an 
exemption mechanism class w rich provides an implementation for a particular 
exemption mechanism, and wt erein said framework further comprises: 

a mechanism for instantiating the exemption mechanism class to give rise to 
an exemption mechanism instance; and 

a mechanism for encapsulating said exemption mechanism instance within 
said wrapper instance. 

33. The framework of claim 32, wherein said enforcement logic is invoked 
upon initialization of saicj ^ajspsr instance, and when invoked, said enforcement 
logic: 

Exemption mechanism instance has been invoked; 



determines whether sai 



and 



been invoked, preventing said 



in response to a determination that said exemption mechanism instance has not 



implementation instance from operating. 



The framework of claim Zfa wherein said wrapper instance comprises 
or more invocable methods, wherein said implementation instance comprises one 
or more invocable methods, and Wnerein the mechanism for encapsulating comprises: 
a mechanism for mapping the one or more invocable methods of said wrapper 
instance to the one or moreanvocable methods of said implementation instance. 
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35. The framework of claim 24, wherein the mechanism for instantiating 
the implementation class comprises: 

a mechanism for determining whether the implementation class is authentic; 

and 

a mechanism for instantiating, in response to a determination that the 
implementation class is au ;hentic, the implementation class to give rise to said 
implementation instance. 




36. The framevtork 
10 digital signature associated 
whether the implementation 
a mechanism for vm 



37. The 
authenticates the framewo 



of claim 35, wherein the implementation class has a 
therewith, and wherein the mechanism for determining 
class is authentic comprises: 
fying said digital signature. 



framework of claim 35, wherein the implementation class 

k prior to giving rise to said implementation instance. 



20 



38. The framework of claim 24, wherein the mechanism for determining 
the set of zero or more restrictions comprises: 

a mechanism for accessing information specifying one or more limitations; 

and 

a mechanism for processing said limitations to derive said restrictions. 



39. The framewor] 
encryption/decryption service 
25 more default encryption limit 



of claim 38, wherein the particular service is an 

and wherein said information comprises a set of one or 

tions. 
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40. The framework of claim 39, wherein said default encryption limitations 
are derived by merging multiple jurisdiction policies and extracting therefrom the 
most restrictive encrjption limitations. 

41. The framework of claim 24, wherein the mechanism for determining 
the set of zero or more restrictions comprises: 

a mechanism for accessing information specifying one or more limitations; 
a mechanism for determining permissions, if any, granted to the application; 



10 and 



a mechanic n for reconciling said limitations and said permissions to derive 
said restrictions. 



42. The 
15 permissions are rec 



framework of claim 41, wherein said limitations and said 
)nciled to derive restrictions which are least restrictive. 



43. The 
encryption/decrypt: 
more default 
limitations which 



Iramework of claim 41, wherein the particular service is an 
i0n service, and wherein said information comprises a set of one or 
encryption limitations, and a set of zero or more exempt encryption 

when one or more exemption mechanisms are implemented. 



apply 



44. The frjimework of claim 43, wherein said default encryption limitations 
and said exempt encryption limitations are derived by merging multiple jurisdiction 



policies and extracting 



25 



therefrom the most restrictive encryption limitations. 
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45. 



The frame wi 



of claim 43 , wherein the mechanism for reconciling 



said limitations and said permissions comprises: 

a mechanism for determining whether the application has been granted any 
permissions; and 

a mechanism for deriving, in response to a determination that the application 
has not been granted any perryrissions, said restrictions from said set of default 
encryption limitations. 



a mechanism for d 
permissions which require 



46. The framework of claim 43, wherein the mechanism for reconciling 
said limitations and said permissions comprises: 

stermining whether the application has been granted any 
implementation of a particular exemption mechanism; 
a mechanism for djetermining, in response to a determination that the 
application has been granted a permission which requires implementation of a 
particular exemption mec lanism, whether said exempt encryption limitations allow 
said particular exemption mechanism to be implemented; and 

a mechanism for c eriving, in response to a determination that said exempt 
encryption limitations allow said particular exemption mechanism to be implemented, 
said restrictions from saic set of exempt encryption limitations. 

/ 

47. In a system comprising an^pplication and an implementation class 
which provides an implementation \ovA particular service, a computer readable 
medium having stored thereon instru^nons which, when executed by one or more 
processors, cause the one or mcfre processors to implement a framework which 
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dynamically constructs a customized implementation, said computer readable medium 



application for a customized 



composing: 

instructions for causihg one or more processors to receive a request from an 

implementation of a particular service; 
instructions for causing one or more processors to instantiate an 
implementation class which provides an implementation for the particular service to 
give rise to an implementation instance; 

instructions for causing one or more processors to determine a set of zero or 
more restrictions to be impjbsed on said customized implementation; 

instructions for cai sing one or more processors to instantiate a wrapper class 
to give rise to a wrapper instance, said wrapper instance comprising enforcement logic 
for enforcing said restrictions; 

instructions for causing one or more processors to encapsulate said 
implementation instance a nd said restrictions within said wrapper instance; and 
instructions for causing one or more processors to provide said wrapper 
as said customized implementation. 



instance to the application 

48. The o 
instance is invocable by tli 
framework. 




readable medium of claim 47, wherein said wrapper 
application without further interaction with the 



49. The compul er readable medium of claim 47, wherein the 



implementation class provi 



les an unrestricted implementation for the particular 



service. 
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50. The computer read^BJe medium of claim 49, wherein the particular 
service is an encryption/decryption service, and wherein the unrestricted 
implementation provided by the implementation class is capable of using unlimited 



encryption/decryption parameters. 



/ 



5 1 . The computer readable medium of claim 50, wherein the unrestricted 
implementation provided by the implementation class is capable of using 
encryption/decryption keys of any size. 



52. The computer readable medium of claim 47, wherein said enforcement 
logic enforces said restrictions on said implementation instance. 



53. The computer readable medium of claim 52, wherein said enforcement 
logic enforces said restrictions on said implementation instance by: 
receiving a set of desired parameters from the application; 
determining whether tt e desired parameters exceed said restrictions; and 
in response to a det^mj^iatjfon that the desired parameters exceed said 
restrictions, preventing said implementation instance from operating. 




54. The computer readable medium of claim 53, wherein said enforcement 
logic is invoked upon initialization of said wrapper instance. 



55. The computer readable medium of claim 47, wherein the system 



further comprises an exemptio 



mechanism class which provides an implementation 
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for a particular exemption mechanism, and wherein said computer readable medium 
further comprises: 

instructions for causing oVie or more processors to instantiate the exemption 
mechanism class to give rise to an exemption mechanism instance; and 

instructions for causing one or more processors to encapsulate said exemption 
mechanism instance within said wi apper instance. 




on mechanism instance has been invoked; 



56. The computer readable medium of claim 55, wherein said enforcement 
logic is invoked upon initialization :>f said wrapper instance, and when invoked, said 
enforcement logic: 

determines whether said 1 

and 

in response to a determination that said exemption mechanism instance has not 
been invoked, preventing said implementation instance from operating. 

The computer readable medium <z>f claim 47, wherein said wrapper 
instance comprises one or more invocable methods, wherein said implementation 
instance comprises one or more invocable ^methods, and wherein the instructions for 
causing one or more processors to encapsulate comprises: 

instructions for causing one or more processors to map the one or more 
invocable methods of said wrappe/ instance to the one or more invocable methods of 
said implementation instance. 




58. The computer readable medium of claim 47, wherein the instructions 
for causing one or more processors to instantiate the implementation class comprises: 
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instructions for causing one or more processors to determine whether the 

ic; and 



implementation class is authen 
instructions for causing 
determination that the implem* 



one or more processors to instantiate, in response to a 
ntation class is authentic, the implementation class to 



give rise to said implementation instance. 



59. The computer readable medium of claim 58, wherein the 
implementation class has a (Aigital signature associated therewith, and wherein the 
instructions for causing one or more processors to determine whether the 
implementation class is authentic comprises: 

instructions for causing one or more processors to verify said digital signature. 

60. The compi ter readable medium of claim 58, wherein the 
implementation class autl: enticates the framework prior to giving rise to said 
implementation instance. 



61. The 
for causing one or more 



completer readable medium of claim 47, wherein the instructions 
pi ocessors to determine the set of zero or more restrictions 



comprises: 

instructions for cajusing one or more processors to access information 
specifying one or more limitations; and 

instructions for cjausing one or more processors to process said limitations to 
derive said restrictions. 
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62. The computer readable medium of claim 61, wherein the particular 
service is an encryption/decryption service, and wherein said information comprises a 
set of one or more default encryption limitations. 

63. The computer readable medium of claim 62, wherein said default 
encryption limitations are derived by merging multiple jurisdiction policies and 
extracting therefrom the most restrictive encryption limitations. 



64. The computer 
for causing one or more 



readable medium of claim 47, wherein the instructions 
processors to determine the set of zero or more restrictions 



specifying one or more 



comprises; 

instructions for ciusing one or more processors to access information 
mitations; 

instructions for causing one or more processors to determine permissions, if 
any, granted to the applic ation; and 

instructions for causing one or more processors to reconcile said limitations 
and said permissions to c erive said restrictions. 



65. The computer 
and said permissions are 



readable medium of claim 64, wherein said limitations 
Reconciled to derive restrictions which are least restrictive. 



66. The computer readable medium of claim 64, wherein the particular 
service is an encryption/decryption service, and wherein said information comprises a 
set of one or more default encryption limitations, and a set of zero or more exempt 
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encryption limitations whicn apply when one or more exemption mechanisms are 
implemented. 



67. The computet readable medium of claim 66, wherein said default 
encryption limitations and i aid exempt encryption limitations are derived by merging 
multiple jurisdiction policies and extracting therefrom the most restrictive encryption 
limitations. 

68. The computer readable medium of claim 66, wherein the instructions 
for causing one or more processors to reconcile said limitations and said permissions 
comprises: 

instructions for causing one or more processors to determine whether the 
application has been granted any permissions; and 

instructions for causing one or more processors to derive, in response to a 
determination that the application has not been granted any permissions, said 
restrictions from said sej of default encryption limitations. 



69. The corrfp 
for causing one or more 



composes: 

instructions 
application has been 
particular exemption 

instructions for 
determination that the 



uter readable medium of claim 66, wherein the instructions 
processors to reconcile said limitations and said permissions 



for causing one or more processors to determine whether the 
granted any permissions which require implementation of a 
nfechanism; 

causing one or more processors to determine, in response to a 
ipplication has been granted a permission which requires 
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implementation of a particular exemption mechanism, whether said exempt 
encryption limitations allow sajdparticular exemption mechanism to be implemented; 
and / 

instructions/for causing one or more processors to derive, in response to a 
determination/tnat said exempt encryption limitations allow said particular exemption 
mechamOTi to be implemented, said restrictions from said set of exempt encryption 
limitations. 
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